aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-25 03:54:15 -04:00
Code Activity

patch 9.0.1160: ASAN error for ufunc_T allocated with wrong size

Browse Source 
Problem:    ASAN error for ufunc_T allocated with wrong size.
Solution:   Make sure the size can always fit the struct.
This commit is contained in:
Bram Moolenaar
2023-01-08 20:31:18 +00:00
parent 8367716a6e
commit e01e5215f9
2 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/userfunc.c
View File

@@ -641,6 +641,19 @@ get_lambda_name(void)
return name; return name;
} }
/*
* Allocate a "ufunc_T" for a function called "name".
* Makes sure the size is right.
*/
static ufunc_T *
alloc_ufunc(char_u *name)
{
// When the name is short we need to make sure we allocate enough bytes for
// the whole struct, including any padding.
size_t len = offsetof(ufunc_T, uf_name) + STRLEN(name) + 1;
return alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len);
}
#if defined(FEAT_LUA) || defined(PROTO) #if defined(FEAT_LUA) || defined(PROTO)
/* /*
* Registers a native C callback which can be called from Vim script. * Registers a native C callback which can be called from Vim script.
@@ -652,7 +665,7 @@ register_cfunc(cfunc_T cb, cfunc_free_T cb_free, void *state)
char_u *name = get_lambda_name(); char_u *name = get_lambda_name();
ufunc_T *fp; ufunc_T *fp;
fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); fp = alloc_ufunc(name);
if (fp == NULL) if (fp == NULL)
return NULL; return NULL;
@@ -1356,7 +1369,7 @@ lambda_function_body(
} }
name = get_lambda_name(); name = get_lambda_name();
ufunc = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); ufunc = alloc_ufunc(name);
if (ufunc == NULL) if (ufunc == NULL)
goto erret; goto erret;
set_ufunc_name(ufunc, name); set_ufunc_name(ufunc, name);
@@ -1557,7 +1570,7 @@ get_lambda_tv(
char_u *line_end; char_u *line_end;
char_u *name = get_lambda_name(); char_u *name = get_lambda_name();
fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); fp = alloc_ufunc(name);
if (fp == NULL) if (fp == NULL)
goto errret; goto errret;
fp->uf_def_status = UF_NOT_COMPILED; fp->uf_def_status = UF_NOT_COMPILED;
@@ -2558,7 +2571,7 @@ copy_lambda_to_global_func(
return FAIL; return FAIL;
} }
fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(global) + 1); fp = alloc_ufunc(global);
if (fp == NULL) if (fp == NULL)
return FAIL; return FAIL;
@@ -5081,7 +5094,7 @@ define_function(
} }
} }
fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); fp = alloc_ufunc(name);
if (fp == NULL) if (fp == NULL)
goto erret; goto erret;
fp_allocated = TRUE; fp_allocated = TRUE;
@@ -5525,10 +5538,7 @@ get_user_func_name(expand_T *xp, int idx)
ufunc_T * ufunc_T *
copy_function(ufunc_T *fp) copy_function(ufunc_T *fp)
{ {
// The struct may have padding, make sure we allocate at least the size of ufunc_T *ufunc = alloc_ufunc(fp->uf_name);
// the struct.
size_t len = offsetof(ufunc_T, uf_name) + STRLEN(fp->uf_name) + 1;
ufunc_T *ufunc = alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len);
if (ufunc == NULL) if (ufunc == NULL)
return NULL; return NULL;

2
src/version.c
View File

@@ -695,6 +695,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1160,
/**/ /**/
1159, 1159,
/**/ /**/